The Wild West of Cyber Attacks in Operations
This week’s guest blog entry comes to us from Rob Dolci, President of Aizoon US. Every day we receive news of cyber-attacks directed at our government, institutions, and businesses. With more than 160,000 new pieces of malware (hacking software) reaching the internet daily, public opinion deems this “business as usual”. The frequency of cyber crime and the relative infrequency of arrests and prosecutions leads to the resigned assumption by many that there is little that can be done. In recent change of focus for hackers, attacks were directed at power generation plants, automotive factories, cars, HVAC and power distribution systems in different industries. It seems that stealing credit cards is being overtaken by blackmailing and disruptive attacks at the Operations side of businesses. Indeed, this new type of crime focuses more on blackmailing attempts for brand damage than actual stealing of information. With 205 days being the industry average for “dwell time”, which means the time it takes a company to realize they have been compromised, it is clear most activities aim at spying the victim before causing real damage. Even more discouraging is the reality that companies working to protect our infrastructures and businesses from malware and cybercrime are themselves hacked. In the past two years, two large security companies had their software leaked on the Internet, to the advantage of anyone with some decent programming skills and illegal intentions, and the embarrassment of several police and military forces that used to rely on those protections. In the US, the SPY Act and the Cybersecurity Information Sharing Act of 2015 aim at protecting businesses and changing the issue of liability and public disclosure. This is most important as most companies refrain from speaking about their problems on fear of being penalized in court with heavy fines. Solving the cyber-attack problem requires a multi-pronged strategy because it really is the Wild West out there on the Internet.- At the highest international level, governments need to agree on law-enforcement treaties so that criminals can be reached and punished anywhere.
- Governments also need to recognize that trade commitments only work if intellectual property is protected and commercial practices remain legal.
- Domestically, more needs to be done to develop research and keep abreast of technological innovation, so that organizations in government and private sectors can benefit from the latest technologies.
- Education at both secondary and college level need to raise awareness in the younger generation and support the development of cyber security as required curriculum for all professions that design and engineer the economy of tomorrow.
- Decision makers in business need to make cyber security a priority in the evaluation of their enterprise as well as in the development of their new products and services.
Rob Dolci is an Industrial Engineer with an MBA from Strathclyde University (Glasgow). With 20+ years’ experience in automotive and industrial automation, Rob started Aizoon in the US in 2014. Hear more from Rob during FABTECH Education Session F27: Machine Monitoring and Cyber Risks for the Factory Floor on Wednesday, Nov. 16 from 10:30 AM – 12:30 PM. Learn more here.